Has Tor Been Compromised?

Because of the revelation this week of a coordinated international police action against what is commonly referred to as the “Dark Web,” law-abiding citizens who use Tor anonymity services to protect their anonymity while surfing the Internet are asking whether Tor has been compromised to the point that it is no longer effective.

The answer is simple.

Until further notice, you must assume Tor is no longer able to provide anonymity. However, depending on what you use Tor for, it may still be the best tool available for privacy while surfing the web.

Let me explain by starting with some factual background reporting about what happened this week.

As reported by The Washington Post in “U.S., European Authorities Strike Against Internet’s Black Markets”:

U.S. and European law enforcement agencies Friday announced the largest strike ever against the Internet’s thriving black markets, shutting down more than 400 sites and arresting 17 people for allegedly selling drugs, weapons and illegal services to anonymous buyers worldwide.

The sweep of the crackdown marked a new level of aggressiveness and coordination by Western governments determined to police shadowy corners of the Internet.

Government evidence showed the shuttered sites were offering a remarkable variety of illicit goods, including cocaine, counterfeit money and explosives.

Many once thought this trade was beyond the reach of police because the sites were accessible only through Tor, a service created by the U.S. government that directs Internet traffic through a succession of routers to hide the identities of users and the locations of servers. The ability of investigators to unmask the alleged operators of Tor sites sent shivers through those who use the service for more legitimate purposes, such as political activists, journalists and diplomats.

Several experts suggested that Tor’s ability to protect users and the locations of servers may have been compromised on a mass scale by sophisticated technological tools used by a coalition of Western law enforcement agencies that has been targeting what is often called “The Dark Web.” [emphasis added]

As you can see, the problem is that while the majority of us have no sympathy for those who use Tor to sell drugs and other undesirable contraband, there are many others who use Tor and other anonymizing tools for legitimate and constitutionally protected purposes.

With the Snowden revelations over the last year making it clear that the U.S. Government has an insatiable appetite to obtain every communication and monitor the Internet use of every American, a growing number of Americans have been using Tor to protect their lawful use of the Internet.

So we come back to the question of whether Tor has been compromised. Obviously, the answer is yes. But, the more important question is: How was Tor compromised and what does it mean for the future of Tor and other anonymity services?

Currently, there are two schools of thought.

The first school is referenced in the above quoted report. Tor may have been compromised by the use of “sophisticated technological tools.”

But there is a second school of thought that is discussed in more detail in a Wired magazine piece, “Global Web Crackdown Arrests 17, Seizes Hundreds of Dark Net Domains.”

That school of thought, championed with some obvious bias by the operators of the Tor Project, is that the individuals and websites infiltrated by law enforcement were taken down by means of old-fashioned police work. In other words, they were compromised by informants or other human exploits.

Here’s how Wired puts it:

Just how law enforcement agents were able to locate the Dark Web sites despite their use of the Tor anonymity software remains a looming mystery. In its criminal complaint against Benthall, for instance, FBI agent Vincent D’Agostini writes merely that in May of 2014 the FBI “identified a server located in a foreign country believed to be hosting the Silk Road 2.0 website at the time,” without explaining how it bypassed Tor’s protections. The sheer number of Tor-hosted sites affected by the takedown raises questions about whether law enforcement officials may have found new vulnerabilities in Tor’s well-tested anonymity shield.

Asked how Operation Onymous located the sites, Europol’s Oerting was unapologetically secretive. ‘This is something we want to keep for ourselves,’ he said. ‘The way we do this, we can’t share with the whole world, because we want to do it again and again and again.’

The organization that created and maintains Tor, the non-profit Tor project, said it didn’t have any more information on Operation Onymous’ techniques. But it downplayed the threat of a vulnerability in Tor’s safeguards for the tough-to-trace sites it protects known as Tor hidden services. ‘It sounds like old-fashioned police work continues to be effective,’ said Andrew Lewman. ‘It could be [that law enforcement targeted] common people or organizations running these hidden services, or a hosting company, or something more mundane than a hidden service exploit.’ [emphasis added]

To further explain why there are those who believe it was not a technical exploit of Tor that resulted in the arrests, Wired points out that quite a few of the most notorious Dark Web sites remain untouched and have quickly grown following the shutdown of the sites raided as part of Operation Onymous.

So what does all of this mean for those of us who just want to use Tor as a means of surfing the web and communicating without Big Brother and Corporate Conglomerates tracking our every move?

It means we need to do so with our eyes wide open to the possibility that Tor may have been technically compromised, tempered with the understanding that, in all likelihood, we will soon know whether it was a technical exploit or a more mundane form of police work that was involved.

That answer, and how the Tor Project and other privacy advocates respond, will quickly lead to an understanding of whether Tor survives or fails as a tool for anonymity and what impact it has on other services that claim to provide anonymity.

You can be sure that I will watch closely for developments surrounding this important issue and I will keep you advised of those developments.

Personally, while I could care less about drug dealers and others who use the Internet for clearly dangerous purposes, I do believe law-abiding citizens should be able to use services that provide Internet anonymity.

And, until I see further evidence, I feel comfortable using Tor to provide general anonymity while surfing the web. My years of experience investigating major crimes in Washington DC lead me to believe it was a human exploit – not a technical compromise – that resulted in the success of Operation Onymous.

If I’m wrong, I’ll be the first to admit it.

What do you think? Email me at [email protected]

Be safe, secure and free!

Rob Douglas – Former Washington DC Private Detective
